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1 Generic ownership for generic Java 

Alex Potanin, James Noble, Dave Clarke, Robert Biddle 

October 2006 ACM SIGPLAN Notices , Proceedings of the 21st annual ACM SIGPLAN 
conference on Object-oriented programming systems, languages, and 
applications OOPSLA '06, Volume 41 Issue 10 
Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings, index 
terms 



Full text available:' 



Ownership types enforce encapsulation In object-oriented programs by ensuring that 
objects cannot be leaked beyond object(s) that own them. Existing ownership 
programming languages either do not support parametric polymorphism (type genericity) 
or attempt to add it on top of ownership restrictions. Generic Ownership provides per- 
object ownership on top of a sound generic Imperative language. The resulting system not 
only provides ownership guarantees comparable to established systems, but ... 

Keywords: Java, generics, ownership, type systems 



2 Access control policy management: Declaration and enforcement of fine-grained 
^ access restrictions for a service-based geospatial data infrastructure 
^ Andreas Matheus 

June 2005 Proceedings of the tenth ACM symposium on Access control models and 

technologies SACMAT '05 
Publisher: ACM Press 

Full text available: ^pdf (694.91 KB) Additional Information: full citation , abstract , references , index terms 

This work describes the declaration and enforcement of geospatial access restrictions for 
the infrastructure of heterogenous and distributed geospatial information objects, as they 
are accessible via the service-oriented geospatial data infrastructure (GDI). Assuming a 
valid XML markup of the objects and their geometry using the Geographic Markup 
Language (GML), which is an International standard of the Open GIS Consortium, Inc. 
(OGC), a solution is introduced that allows the declaration and enf ... 



Keywords: ACM proceedings, XACML, geospatial, object-based access restriction, spatial 
access control 
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Access ri g hts analysis for Java 

Larry Koved, Marco Pistoia, Aaron Kershenbaum 

November 2002 ACM SIGPLAN Notices , Proceedings of tiie 17tli HCVi SIGPLAN 

conference on Object-oriented programming, systems, languages, 
and applications OOPSLA '02, volume 37 issue ii 

Publisher: ACM Press 

Full text available: ffi pdff 36Q.93 KB) Additional Information: full citation , abstract, references, dtings. index 
tenns 

Java 2 has a security architecture that protects systems from unauthorized access by 
mobile or statically configured code. The problem is in manually determining the set of 
security access rights required to execute a library or application. The commonly used 
strategy is to execute the code, note authorization failures, allocate additional access 
rights, and test again. This process iterates until the code successfully runs for the test 
cases In hand. Test cases usually do not cover all paths th ... 

Keywords: Java security, access rights, call graph, data flow analysis, invocation graph, 
security 



Data groups: specifying the modification of extended state | 
K. Rustan M. Leino 

October 1998 ACM SIGPLAN Notices , Proceedings of the 13th ACM SIGPLAN 

conference on Object-oriented programming, systems, languages, and 
applications OOPSLA '98, volume 33 issue lo 
Publisher: ACM Press 

Full text available- fglodfn 20 MB) Additional Information: full citation , abstract, references , dtings. index 
' ics-*^-^ terms 

This paper explores the interpretation of specifications in the context of an object-oriented 
programming language with subclassing and method overrides. In particular, the paper 
considers annotations for describing what variables a method may change and the 
interpretation of these annotations. The paper shows that there is a problem to be solved 
in the specification of methods whose overrides may modify additional state introduced in 
subclasses. As a solution to this problem, the paper Introduc ... 

5 Ty pes: Extractin g pro grams from type class proofs I 
Martin Sulzmann 

July 2006 Proceedings of the 8th ACM SIGPLAN symposium on Principles and 

practice of declarative programming PPDP '06 
Publisher: ACM Press 

Full text available: ^ pdf(250.86 KB) Additional Information: full citation , abstract , references , index terms 

Standard presentations of type class translation schemes exhibit some surprising 
problems when translating Haskell 98 programs. We suggests ways how to fix these 
problems based on a formal framework for extracting programs from type class proofs. 
Our description includes type improvement and recursive dictionaries — something which 
has not been formally studied before. Thus, we are able to advance the state of art of 
translating type classes and open up the possibility for new type class applic ... 

Keywords: overloading, proofs are programs principle, type classes 



6 DISC++: A C++ based library for object oriented simulation 
^ E, L. Blair, S. Selvaraj 

October 1989 Proceedings of the 21st conference on Winter simulation WSC '89 

Publisher: ACM Press 
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Full text available: ^ pdf(477.43 KB) Additional Information: full citation , abstract , references , citings , index 

terms 

The Object Oriented Programming (OOP) paradigm is generating considerable interest 
and excitement among systems analysts and programmers concerned with a wide range 
of applications. This paper presents DISC++ (Discrete event Simulation in C++), a 
library of routines written in C and C++ which supports the design and prograrnming of 
simulation models under both the event scheduling and process interaction world-views. 
DISC++ allows the simulator to construct simpler mod ... 

7 Model driven security: From UML models to access control infrastructures 
David Basin, Jtirgen Doser, Torsten Lodderstedt 

January 2006 ACM Transactions on Software Engineering and Metiiodology (TOSEM), 

Volume 15 Issue 1 
Publisher: ACM Press 

Full text available: ^ pdf(968.83 KB) Additional Information: full citation , abstract , references , index terms 

We present a new approach to building secure systems. In our approach, which we call 
Model Driven Security, designers specify system models along with their security 
requirements and use tools to automatically generate system architectures from the 
models, including complete, configured access control infrastructures. Rather than fixing 
one particular modeling language for this process, we propose a general schema for 
constructing such languages that combines languages for modeling systems with ... 

Keywords: Model Driven Architecture, Object Constraint Language, Role-Based Access 
Control, Unified Modeling Language, metamodeling, security engineering 




8 Software desig n , languages and systems: Supporting access control policies across 
^ multiple operating s ystems 
^ Lawrence Teo, Gail-Joon Ahn 

March 2005 Proceedings of the 43rd annual Southeast regional conference - Volume 
2 ACM-SE 43 

Publisher: ACM Press 

Full text available: ^ pdf(366.71 KB) Additional Information: full citation , abstract , references , index terms 

The evaluation of computer systems has been an important issue for many years, as 
evidenced by the introduction of industry evaluation guides such as the Rainbow Books 
and the more recent Common Criteria for IT Security Evaluation. As organizations depend 
on the Internet for their dally operations, the need for evaluation is even more apparent 
due to new security risks. It is not uncommon for large organizations to evaluate different 
systems, such as operating systems, to identify which would be ... 

Keywords: Chameleos, access control, extensibility, flexibility, operating systems, policy 
specification 



Sealed calls in Java packages 

Ayal Zaks, Vitaly Feldman, Nava Aizikowitz 

October 2000 ACM SIGPLAN Notices , Proceedings of tlie 15th ACM SXGPLAN 

conference on Object-oriented programming, systems, languages, and 
applications OOPSLA '00, volume 35 issue lo 

Publisher: ACM Press 

Full text available' IS Ddf(192 57 KB) Additional Information: full citation , abstract , references , citings , index 

terms 

Determining the potential targets of virtual method invocations is essential for inter- 
procedural optimizations of object-oriented programs. It is generally hard to determine 
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such targets accurately. The problem Is especially difficult for dynamic languages such as 
Java, because additional targets of virtual calls may appear at runtime. Current 
mechanisms that enable inter-procedural optimizations for dynamic languages, repeatedly 
validate the optimizations at runtime. This paper addresses this ... 

Keywords: Java, call devlrtuallzatlon, call graph, class hierarchy graph, inter-procedural 
analysis, method inllning, object-oriented programming, sealed package 

10 Essays in computing science 

C. A. R. Hoare 
January 1989 Book 

Publisher: Prentice-Hall, Inc. 

Full text available: ^ pdf(20.91 MB) Additional Information: full citation , abstract , references , cited by . review 

Charles Antony Richard Hoare is one of the most productive and prolific computer 
scientists. This volume contains a selection of his published papers. There is a need, as in 
a Shakespearian Chorus, to offer some apology for what the book manifestly fails to 
achieve. It is not a complete 'collected works'. Selection between papers of this quality Is 
not easy and, given the book's already considerable size, some difficult decisions as to 
what to omit have had to be made. Pity the editor weighin ... 

11 Ob j ect-oriented modeling using C++ 

D. Peter Sanderson, Lawrence L. Rose 

January 1988 Proceedings of the 21st annual symposium on Simulation ANSS '88 
Publisher: IEEE Computer Society Press 

Full text available-ia Ddf(m30KB) Additional Information: full citation, abstract, references , dtings. index 

Object-oriented modeling provides a natural and powerful paradigm for representing the 
elements of a discrete-state system and their behavior. The concepts of encapsulation 
and inheritance are central to the realization of the object orientation. The C + + 
programming language supports encapsulation through the class construct, and 
inheritance through derived classes. A hierarchy of C + + classes designed to support an 
event-oriented simulation viewpoint is presented. The use of this packag ... 

12 Certification of pro g rams for secure information flow 
Dorothy E. Denning, Peter J. Denning 
July 1977 Communications of the ACM, volume 20 issue 7 
Publisher: ACM Press 

Full text available: ^ pdf(918.82 KB) Additional Information: full citation , abstract , references , citings 



ertificatlon mechanism for verifying the secure flow of information through a program. 
Because it exploits the properties of a lattice structure among security classes, the 
procedure is sufficiently simple that it can easily be included in the analysis phase of most 
existing compilers. Appropriate semantics are presented and proved correct. An important 
application is the confinement problem: The mechanism can prove that a program cannot 
cause supposedly nonconfidential results to depend on conf ... 

Keywords: confinement, information flow, lattice, program certification, protection, 
security, security classes 



13 A type declaration and inference system for Smalltalk 
^ Alan H. Borning, Daniel H. H. Ingaiis 

^ January 1982 Proceedings of tlie 9tli ACM SIG PLAN -SIG ACT symposium on Principles 
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of programming languages POPL '82 

Publisher: ACM Press 

Full text available; ^ pclf(697.89 KB) Additional Information: full citation , abstract , references , citings 

An experinnental system for declaring and inferring type In Smalltalk Is described. (In the 
current Smalltalk language, the programmer supplies no type declarations.) The system 
provides the benefits of type declaration in regard to compile-tlme checking and 
documentation, while still retaining Smalltalk's flexibility. A type hierarchy, which is 
Integrated with the existing Smalltalk class hierarchy, allows one type to Inherit the traits 
of another type. A type may also have parameters, which are ... 

14 A framework for implementing p lugg able type systems | 
Chris Andreae, James Noble, Shane Markstrum, Todd Millstein 

October 2006 ACM SIGPLAN Notices , Proceedings of the 21st annual ACM SIGPLAN 
conference on Object-oriented programming systems, languages, and 
applications OOPSLA '06, Volume 41 Issue 10 ' 
Publisher: ACM Press 

Full text available- ^ pdf(294.23 KB) Additional Information: full citation , abstract , references , citing s, index 

Pluggable types have been proposed to support multiple type. systems in the same 
programming language. We have designed and implemented JavaCOP, a program 
constraint system for implementing practical pluggable type systems for Java. JavaCOP 
enforces user-defined typing constraints written in a declarative and expressive rule 
language. We have validated our design by (re)implemer)ting a range of type systems and 
program checkers. By using a program constraint system to Implement p ... 

Keywords: JavaCOP, pluggable type systems 



15 Session II: Modular g eneric programming with extensible superclasses 
Martin Sulzmann, Meng Wang 

September 2006 Proceedings of the 2006 ACM SIGPLAN workshop on Generic 
programming WGP '06 

Publisher: ACM Press 

Full text available: ^ pdf(204.45 KB) Additional Information: full citation , abstract , references, index terms 

"Generics for the Masses" (GM) and "Scrap your Boilerplate" (SYB) are generic 
programming approaches based on some inenious applications of Haskell type classes. To 
achieve modularity, the GM and SYB approach have been extended by using some 
experimental language extensions such as abstraction over type classes and recursive 
instances. Hence, the type class encodings behind the GM and SYB approach become less 
practical and harder to understand. We show that none of these type class features are 
n ... 




Keywords: generic programming, type classes 



Understanding class hierarchies using concept analysis 
Gregor Snelting, Frank Tip 

May 2000 ACM Transactions on Programming Languages and Systems (TOPLAS); 

Volume 22 Issue 3 
Publisher: ACM Press 

Full text available- ISI Ddf (433.91 KB) Additional Information: full citation , abstract , references , citings , index 

terms 

A new method Is presented for analyzing and reengineering class hierarchies. In our 
approach, a class hierarchy is processed along with a set of applications that use It, and a 



http://portal.acm.org/results.cfm?coll=ACM&dl-ACM&CFID=31273258&CF^^ 8/9/07 



Results (page 1): permission class, declaration 



Page 6 of 7 



fine-grained analysis of the access and subtype relationships between objects, variables, 
and class members is performed. The result of this analysis is again a class hierarchy, 
which is guaranteed to be behaviorally equivalent to the original hierarchy, but In which 
each object only contains the members that are req ... 

Keywords: class hierarchy reengineering, concept analysis 



17 Workshop papers: How secure is AOP and what can we do about it? | 
Bart De Win, Frank Piessens, Wouter Joosen 

May 2006 Proceedings of the 2006 international worlcshop on Software engineering 

for secure systems SESS '06 
Publisher: ACM Press 

Full text available* 151 pdfd 94 32 KB) Information: full citation , abstract , references , citing s. Index 

'1^ ' terms 

From a software engineering perspective, using Aspect-Oriented Programming (AOP) to 
build secure software has clear advantages. Until recently, the security perspective of this 
approach has been given less attention, however. This paper analyses the security risks in 
using AOP to develop secure software and discusses one particular solution to some of the 
identified risks, an aspect permission system. This permission system is one part of an 
overall AOP-based development platform for secure soft ... 

Keywords: AOP, permission system, risks, security 



^8 Full pape rs: Runtinne aspect weaving through metaprogramming 
Jason Baker, Wilson Hsieh 

April 2002 Proceedings of the 1st international conference on Aspect-oriented 

software development AOSD '02 
Publisher: ACM Press 

Full text available:i saDdf(883.36 KB) Additional Information: full citation , abstract, references , citings, index 
terms 

We describe an extension to the Java language, Handi-Wrap, that supports weaving 
aspects into code at runtime. Aspects in Handi-Wrap take the form of method wrappers, 
which allow aspect code to be inserted around method bodies like advice in AspectJ. 
Handi-Wrap offers several advantages over static aspect languages such as AspectJ. First, 
aspects can be woven into binary libraries. Second, a wrapper in Handi-Wrap is a first- 
class Java value, which allows users to exploit Java mechanisms to defin ... 

19 Jam— designing a Java extension with mixins 
^ Davide Ancona, Giovanni Lagorio, Elena Zucca 

September 2003 ACM Transactions on Programming Languages and Systems 
(TOPLAS), Volume 25 Issue 5 

Publisher: ACM Press 

Full text available- fg|pdf(1.33 MB) Additional Information: full citation , abstract , references , citings, index 
. l2J^ tepPTis . review 

In this paper we present Jam, an extension of the Java language supporting mixins, that 
is, parametric heir classes. A mixin declaration in Jam is similar to a Java heir class 
declaration, except that it does not extend a fixed parent class, but simply specifies the 
set of fields and methods a generic parent should provide. In this way, the same mixin 
can be instantiated on many parent classes, producing different heirs, thus avoiding code 
duplication and largely improving modularity and ... 

Keywords: Java, language design 
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20 Integ ratin g functional and imperative programming 

# David K. Gifford, John M. Lucassen 
August 1986 Proceedings of the 1986 ACM conference on LISP and functional 

programming LFP '86 
Publisher: ACM Press 

Full text available: ^ pdf (899.98 KB ) Additional Information: full citation , references , citings 
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^ Security and protection: Adaptiveness in well-typed Java bytecode verification 
F. Y. Huang, C. B. Jay, D. B. Skillicorn 

October 2006 Proceedings of the 2006 conference of the Center for Advanced Studies 

on Collaborative research CASCON '06 
Publisher: ACM Press 
Full text available: gpdf( 301.36 KB) 
^htm(1.80 KB ) 



Additional Information: full citation , abstract , references , index terms 



Research on security techniques for Java bytecode has paid little attention to the security 
of the Implementations of the techniques themselves, assuming that ordinary tools for 
programming, verification and testing are sufficient for security. However, different 
categories of security policies and mechanisms usually require different implementations. 
Each implementation requires extensive effort to test it and/or verify it.We show that 
programming with well-typed pattern structures in a statica ... 



2 A static t y pe system for JVIVl access control 
TomoyukI Higuchi, Atsushi Ohori 

January 2007 ACM Transactions on Programming Languages and Systems (TOPLAS), 

Volume 29 Issue 1 
Publisher: ACIVI Press 
Full text available: fill Ddf(1.07MB) 
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Full text available: 'g.edf{31L3Q_KB) Additional Information: full citation , abstract , references , citings , index 

terms 

A number of effective error detection tools have been built in recent years to check if a 
program conforms to certain design rules. An important class of design rules deals with 
sequences of events asso-ciated with a set of related objects. This paper presents a 
language called PQL (Program Query Language) that allows programmers to express such 
questions easily In an application-specific context. A queiry looks like a code excerpt 
corresponding to the shortest amount of code that would violate a ... 

Keywords: SQL injection, bug finding, pattern matching, program traces, resource leaks, 
web applications 



* Programmin g lan gua ges: SCoPE: an AspectJ compiler for supporting user-defined Q 

^ analysis-based pointcuts 

^ Tomoyuki Aotani, Hidehiko Masuhara 

March 2007 Proceedings of the 6th international conference on Aspect-oriented 
software development AOSD '07 

Publisher: ACM Press 

Full text available: ^ pdf(1 95.33 KB) Additional Information: full citation , abstract , references , index terms 

This paper proposes an approach called SCoPE, which supports user-defined analysis- 
based pointcuts in aspect-oriented programming (AOP) languages. The advantage of our 
approach is better integration with existing AOP languages than previous approaches. 
Instead of extending the language, SCoPE allows the programmer to write a pointcut that 
analyzes a program by using a conditional (if) pointcut with introspective reflection 
libraries. A compilation scheme automatically eliminates runtime tests fo ... 

Keywords: AOP, analysis-based pointcuts, aspect-oriented programming languages, 
compiler design, point-cuts 



Termination in langua g e-based systenris 
Algis Rudys, Dan S. Wallach 

May 2002 ACM Transactions on Information and System Security (TISSEC), volume s 

Issue 2 

Publisher: ACM Press 

Full text available:fg| pdf(355.43KB) Additional Information: fuildtation. abstract, references , cjtings. index 
^ terms 

Language run-time systems are increasingly being embedded in systems to support run- 
time extensibility via mobile code. Such systems raise a number of concerns when the 
code running In such systems is potentially buggy or untrusted. Although sophisticated 
access controls have been designed for mobile code and are shipping as part of 
commercial systems such as Java, there is no support for terminating mobile code short 
of terminating the entire language run-time. This article presents a c ... 

Keywords: Applets, Internet, Java, resource control, soft termination, termination 



JRes: a resource accounting interface for Java 

Grzegorz CzajkowskI, Thorsten von Eicken 

October 1998 ACi^ SIGPLAN Notices , Proceedings of tlie 13tli ACM SIGPLAN 

conference on Object-oriented programming, systems, languages, and 
applications OOPSLA '98, volume 33 issue 10 

Publisher: ACM Press 
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Full text available: ^ pdf (2.01 MB) full citation , abstract , references , citings , index 

terms 

With the spread of the Internet the computing model on server systems is undergoing 
several important changes. Recent research ideas concerning dynamic operating system 
extensibility are finding their way into the commercial domain, resulting in designs of 
extensible databases and Web servers. In addition, both ordinary users and service 
providers must deal with untrusted downloadable executable code of unknown origin and 
intentions.Across the board, Java has emerged as the language of choice fo ... 

Keywords: Java, extensible systems, resource management 



A s pecification of Java loading and bytecode verification 
Allen Goldberg 

November 1998 Proceedings of the 5th ACM conference on Computer and 

communications security CCS '98 
Publisher: ACM Press 

Full text available: ^pdf (1.15 MB) Additional Information: full citation , references , citings , index terms 



Keywords: Java, bytecode verification, flow analysis, formal specification 



Composing security policies with polymer 
Lujo Bauer, Jay LIgatti, David Walker 

June 2005 ACM SIGPLAN Notices , Proceedings of the 2005 ACM SIGPLAN conference 
on Programming language design and implementation PLDI '05, volume 40 

Issue 6 
Publisher: ACM Press 

Full text available- Wi Ddfd 55 1 6 KB) ^^^'^'^"^^ Information: full citation , abstract , references , citings, index 

terms 

We Introduce a language and system that supports definition and composition of complex 
run-time security policies for Java applications. Our policies are comprised of two sorts of 
methods. The first is query methods that are called whenever an untrusted application 
tries to execute a security-sensitive action. A query method returns a suggestion 
indicating how the security-sensitive action should be handled. The second sort of 
methods are those that perform state updates as the pol ... 

Keywords: composable security policies, edit automata, program monitors, run-time 
enforcement, security automata 



Design and implementation of a distributed virtual machine for networked computers \ 

Emin Gun Sirer, Robert Grimm, Arthur J. Gregory, Brian N. Bershad 

December 1999 ACM SIGOPS Operating Systems Review , Proceedings of the 

seventeenth ACM symposium on Operating systems principles SOSP 

'99, Volume 33 Issue 5 
Publisher: ACM Press 

Full text available' Hi Ddfd 62 MB) Additional Information: full citation , abstract , references , citings , index 

This paper describes the motivation, architecture and performance of a distributed virtual 
machine (DVM) for networked computers. DVMs rely on a distributed service architecture 
to meet the manageability, security and uniformity requirements of large, heterogeneous 
clusters of networked computers. In a DVM, system services, such as verification, security 
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enforcement, compilation and optimization, are factored out of clients and located on 
powerful network servers. This partitioning of system fun ... 

10 A practical comparison between Java and Ada in implementing a real-time 
^ embedded system 
^ Eric Potratz 

December 2003 ACM SIGAda Ada Letters , Proceedings of the 2003 annual ACM 

SZGAda international conference on Ada: the engineering of correct 
and reliable software for real-time & distributed systems using ada 
and related technologies SigAda '03, volume xxiv issue i 

Publisher: ACM Press 

Full text available- fill Ddf(259 58 KB) A^^'*'^"^' Information: full citation , abstract , references , citings , index 
• ^ : teons, re\dew 

This paper presents a student's observations from an undergraduate research project that 
explored using Java to implement the software for a real-time embedded system that was 
originally implemented in a university-level real-time systems course using Ada 95. It 
briefly gives an overview of the project, the decision made concerning which Java virtual 
machine to use, and how that virtual machine performed In the real-time environment. It 
then goes into detail about the merits and drawbacks of usi ... 

Keywords: Ada, Java, concurrency, conditional synchronization, drivers, embedded 
systems, memory management, object-oriented programming, package elaboration, 
performance, priority inversion, real-time systems, scheduling 



A static ty pe s ystem for JVM access control 
Tomoyuki Higuchi, Atsushi Ohori 

August 2003 ACM SIGPLAN Notices, Proceedings of the eighth ACM SIGPLAN 

international conference on Functional programming ICFP '03, volume 38 
Issue 9 
Publisher: ACM Press 

Full text available- IS Ddfd 50 01 KB) Additional Information: full citation, abstract, references, citings, index 
' ^-^—^ terms 

This paper presents a static type system for JAVA Virtual Machine (JVM) code that 
enforces an access control mechanism similar to the one found, for example, in a JAVA 
implementation. In addition to verifying type consistency of a given JVM code, the type 
system statically verifies that the code accesses only those resources that are granted by 
the prescribed access policy. The type system is proved to be sound with respect to an 
operational semantics that enforces access control dynamically, si ... 

Keywords: JVM, access control, stack inspection, type inference, type system 



Kava: a Java dialect v^ith a uniform object model for lightweight classes | 
David F. Bacon 

June 2001 Proceedings of the 2001 Joint ACM-XSCOPE conference on Java Grande JGZ 
'01 

Publisher: ACM Press 

Full text available- IS Ddf(847 52 KB) Additional Information: fuil citation, abstract, references , citings , index 

terms 

Object-oriented programming languages have always distinguished between '^primitive" 
and ''user-defined" data types, and In the case of languages like C++ and Java, the 
primitives are not even treated as objects, further fragmenting the programming model. 
The distinction is especially problematic when a particular programming community 
requires primitive-level support for a new data type, as for complex, Intervals, fixed- 



http://portal.acm.org/results.cfm?coll=ACM&dl=ACM&CFID=3 1 273258&CFTOKEN=l 547... 8/9/07 



I?Lesults (page I): target classes, enforcement point, insert. by tecode 



Page 5 of 7 



pointed numbers, and so on. 
We present Kav ... 

13 Formalizing the safety of Java, the Java virtual machine, and Java card 
Pieter H. Hartel, Luc Moreau 

December 2001 ACM Computing Surveys (CSUR), volume 33 issue 4 
Publisher: ACM Press 

Full text available* ® pdf(442 86 KB) A^^'*'*^"^* Information: full citation , abstract , references , citing s, index 

terms 

We review the existing literature on Java safety, emphasizing formal approaches, and the 
impact of Java safety on small footprint devices such as smartcards. The conclusion is 
tfiat although a lot of good work has been done, a more concerted effort Is needed to 
build a coherent set of machine-readable formal models of the whole of Java and its 
implementation. This is a formidable tasl< but we believe it is essential to build trust in 
Java safety, and thence to achieve ITSEC level 6 or Common Crite ... 

Keywords: Common criteria, programming 



14 Fine-grained interoperability through mirrors and contracts 
^ Kathryn E. Gray, Robert Bruce Findler, Matthew Flatt 

October 2005 ACM SIGPLAN Notices , Proceedings of the 20th annual ACM SIGPLAN 
conference on Object oriented programming, systems, languages, and 
applications OOPSLA '05, volume 40 issue lo 
Publisher: ACM Press 

Full text available: ^pdf( 391.61 KB) Additional Information: full citation , abstract , references , index terms 

As a value flows across the boundary between interoperating languages, it must be 
checked and converted to fit the types and representations of the target language. For 
simple forms of data, the checks and coercions can be immediate; for higher order data, 
such as functions and objects, some must be delayed until the value is used In a 
particular way. Typically, these coercions and checks are implemented by an ad-hoc 
mixture of wrappers, reflection, and dynamic predicates. We observe that 1) the ... 

Keywords: Java, contracts, interoperability, mirrors, scheme 



15 Incommunicado: efficient communication for isolates 

#Krzysztof Palacz, Jan Vitek, Grzegorz Czajkowski, Laurent Daynas 
Novennber2002 ACM SIGPLAN Notices , Proceedings of the 17th ACM SIGPLAN 

conference on Object-oriented programming, systems, languages, 
and applications OOPSLA '02, volume 37 issue ii 
Publisher: ACIW Press 

Full text available: ^ pdf(386.23 KB) Additional Information: full citation , abstract , references , citings 

Executing computations in a single instance of safe language virtual machine can improve 
performance and overall platform scalability. It also poses various challenges. One of 
them is providing a fast inter-application communication mechanism. In addition to being 
efficient, such a mechanism should not violate any functional and non-functional 
properties of Its environment, and should also support enforcement of application-specific 
security policies. This paper explores the design and implement ... 

Keywords: application isolation, inter-application communication 
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16 Full papers: Runtime aspect weaving through metaprogramming 

Jason Baker, Wilson Hsieh 

April 2002 Proceedings of the 1st international conference on Aspect-oriented 
software development AOSD '02 

Publisher: ACM Press 

Full text available: ■g.BdfCSamKBl Additional Information: M^ation abstract, references , dtings. index 

We describe an extension to the Java language, Handi-Wrap, that supports weaving 
aspects into code at runtime. Aspects in Handi-Wrap take the form of method wrappers, 
which allow aspect code to be inserted around method bodies like advice in Aspect). 
Handi-Wrap offers several advantages over static aspect languages such as AspectJ. First, 
aspects can be woven into binary libraries. Second, a wrapper in Handi-Wrap is a first- 
class Java value, which allows users to exploit Java mechanisms to defin ... 

Efficient control flow quantification 

Christoph Bockisch, Sebastian Kanthak, Michael Haupt, Matthew Arnold, Mira Mezini 
October 2006 ACM SIGPLAN Notices , Proceedings of the 21st annual ACM SI6PLAN 
conference on Object-oriented programming systems, languages, and 
applications OOPSLA '06, volume 4i issue lo 
Publisher: ACM Press 

Full text available: ^ pdf(245.83 KB) Additional Information: full citation , abstract, references , index terms 

Aspect-oriented programming (AOP) is increasingly gaining In popularity. However, the 
focus of aspect-oriented language research has been mostly on language design issues; 
efficient implementation techniques have been less popular. As a result, the performance 
of certain AOP constructs is still poor. This is in particular true for constructs that rely on 
dynamic properties of the execution (e.g., the cflow construct). In this paper, we present 
efficient implementation techniques for cf/ ... 

Keywords: aspect-oriented programming, control flow, virtual machine support 



Secure program partitionin g | 
Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, Andrew C. Myers 
August 2002 ACM Transactions on Computer Systems (TOCS), volume 20 issue 3 

Publisher: ACM Press 

Full text available- IB pdf(497.12 KB) A^^'^'^"®' Information: full citation , abstract , references , citing s, index 

terms 

This paper presents secure program partitioning, a language-based technique for 
protecting confidential data during computation In distributed systems containing mutually 
untrusted hosts. Confidentiality and integrity policies can be expressed by annotating 
programs with security types that constrain Information flow; these programs can then be 
partitioned automatically to run securely on heterogeneously trusted hosts. The resulting 
communicating subprograms collectively implement the original p ... 

Keywords: Confidentiality, declassification, distributed systems, downgrading, integrity, 
mutual distrust, secrecy, security policies, type systems 



19 Stack allocation and synchronization optimizations for Java usin g escape analy sis 
^ Jong-Deok Choi, Manlsh Gupta, Mauricio J. Serrano, Vugranam C. Sreedhar, Samuel P. 
>^ Midkiff 

November 2003 ACM Transactions on Programming Languages and Systems 

(TOPLAS), Volume 25 Issue 6 
Publisher: ACM Press 
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This article presents an escape analysis framework for Java to determine (1) if an object 
is not reachable after its method of creation returns, allowing the object to be allocated 
on the stack, and (2) if an object is reachable only from a single thread during its lifetime, 
allowing unnecessary synchronization operations on that object to be removed. We 
introduce a new program abstraction for escape analysis, the connection graph, that Is 
used to establish reachability relationshi ... 

Keywords: Connection graphs, escape analysis, points-to graph 

20 Mobile code: Empowering mobile code using expressive security policies Q 
V. N, Venkatakrishnan, Ram Peri, R, Sekar 

September 2002 Proceedings of the 2002 workshop on New security paradigms NSPW 
•02 

Publisher: ACM Press 

Full text available' IS! Ddf(853 33 KB) Information: full citation , abstract , references , citing s, index 

i^*^ terms 

Existing approaches for mobile code security tend to tal<e a conservative view that mobile 
code is inherently risky, and hence focus on confining it. Such confinement Is usually 
achieved using access control policies that restrict mobile code from taking any action 
that can potentially be used to harm the host system. While such policies can be helpful in 
keeping "bad applets" in check, they preclude a large number of useful applets. We 
therefore take an alternative view of mobile code security, ... 

Keywords: code transformation, mobile code security, security policies 
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1 Security issues surroundin g programmin g languages for mobile code: JAVA vs. Safe- 
Ic! 

Stefanos Gritzalis, George Aggelis 
April 1998 ACM SIGOPS Operating Systems Review, volume 32 issue 2 

Publisher: ACM Press 

Full text available: g pdf(1.42 MB ) Additional Infomiation: full citation , abstract , references 

JAVA is claimed to be a system programming language having a number of advantages 
over traditional programming languages. These advantages stem from the fact that it is a 
platform - independent language, thus promising truly network oriented computing as 
long as a nearly universal system for distributing applications. On the other hand, 
although being an interpreted, much simpler, scripting language, Safe-Tcl was proposed 
as an executable contents type of MIME and thus as the standard language f ... 

2 Programming for separation of concerns (PSC): PoiicV'driven reflective enforcement 

^ of security policies 
^ Ian Welch, Fan Lu 

April 2006 Proceedings of tlie 2006 ACM symposium on Applied computing SAC '06 

Publisher: ACM Press 

Full text available: Qpdf d 05.96 KB) Additional Information: full citation , abstract , references , index terms 

Practical experience has shown that separating security enforcement code from functional 
code using separation of concerns techniques such as behavioural reflection leads to 
improvements in code undestandability and maintainability. However, using these 
techniques at requires providing a consistent and declarative way to specify policies. We 
have developed a prototype tool that allows the use of Ponder policies that are enforced 
by the Kava metaobject protocol. This prototype translates high-lev 



Keywords: reflection, security policies 



3 Security and protection: Adaptiveness in well-typed Java bytecode verification 
^ F. Y. Huang, C. B, Jay, D. B. Skillicorn 

October 2006 Proceedings of the 2006 conference of the Center for Advanced Studies 
on Collaborative research GASCON '06 

Publisher: ACM Press 

Full text available: 'Q pdf(301.36 KB) Additional Information: full citation , abstract , references , index terms 
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Research on security techniques for Java bytecode has paid little, attention to the security 
of the implementations of the techniques themselves, assuming that ordinary tools for 
programming, verification and testing are sufficient for security. However, different 
categories of security policies and mechanisms usually require different implementations. 
Each implementation requires extensive effort to test it and/or verify it. We show that 
programming with well-typed pattern structures in a statica 

Mobile code: Ennpowering nnobile code using expressive security policies 
V. N. Venkatakrishnan, Ram Peri, R. Sekar 

September 2002 Proceedings of the 2002 workshop on New security paradigms NSPW 
•02 

Publisher: ACM Press 

Full text available* 1511 Ddf(853 33 KB) Additional Information: full citation , abstract , references , citings , index 
*^ terms 

Existing approaches for mobile code security tend to take a conservative view that mobile 
code is inherently risky, and hence focus on confining it. Such confinement is usually 
achieved using access control policies that restrict mobile code from taking any action 
that can potentially be used to harm the host system. While such policies can be helpful In 
keeping "bad applets" in check, they preclude a large number of useful applets. We 
therefore take an alternative view of mobile code security, ... 

Keywords: code transformation, mobile code security, security policies 



5 Separating access control policy, enforcement, and functionality in extensible | 
^ systems 

^ Robert Grimm, Brian N. Bershad 

February 2001 ACM Transactions on Computer Systems (TOCS), volume 19 issue i 
Publisher: ACM Press 

Full text available* 153 Ddf(164 03 KB) Information: fiill citation, abstract , references , citings , index 

terms, review 

Extensible systems, such as Java or the SPIN extensible operating system, allow for units 
of code, or extensions, to be added to a running system in almost arbitrary fashion. 
Extensions closely interact through low-latency but type-safe interfaces to form a tightly 
integrated system. As extensions can come from arbitrary sources, not all of whom can be 
trusted to conform to an organization's security policy, such structuring raises the 
question of how security constraints are enforced in an ... 

Keywords: Java, SPIN, access check, auditing, extensible systems, policy-neutral 
enforcement, protection domain, protection domain transfer, security policy 



Safety critical systems: A type system to assure scope safety within safety-critical 

Java modules 
Kelvin Nllsen 

October 2006 Proceedings of the 4th international workshop on Java technologies for 
real-time and embedded systems JTRES '06 

Publisher: ACM Press 

Full text available: Q pdf(409.03 KB) Additional Information: full citation , abstract , references , index terms 

To address the needs of safety-critical system developers, a type system based on Java 
5.0 meta-data annotations and special bytecode verification techniques is described. This 
type system enables programmers to develop code for which the byte code verifier is able 
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to prove the absence of scoped memory protocol errors, thereby eliminating the need for 
run-time assignment checks. Benefits of the type system Include Improved software 
reliability, easier maintenance and integration of Independently ... 

Keywords: DO-178B, RTSJ, Java, safety-critical certification, scoped memory 



7 Model-carryin g code: a practical approach for safe execution of untrusted | 
^ applications 

^ R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar, Daniel C. DuVarney 

October 2003 ACM SIGOPS Operating Systems Review , Proceedings of the nineteenth 
ACM symposium on Operating systems principles SOSP '03, volume 37 issue 

5 

Publisher: ACM Press 

Full text avaiiable' IS Ddf(301 30 KB) Additional Information: full citation , abstract , references , citings , index 

terms 

This paper presents a new approach called model-carrying code (MCC) for safe execution 
of untrusted code. At the heart of MCC is the idea that untrusted code comes equipped 
with a concise high-level model of Its security-relevant behavior. This model helps bridge 
the gap between high-level security policies and low-level binary code, thereby enabling 
analyses which would otherwise be impractical. For instance, users can use a fully 
automated verification procedure to determine if the code ... 

Keywords: mobile code security, policy enforcement, sand-boxing, security policies 

8 Secure virtual enclaves: Supporting coalition use of distributed application | 
^ technologies 

^ May 2001 ACM Transactions on Information and System Security (TISSEC), volume 4 

Issue 2 
Publisher: ACM Press 

Full text available: IS pdf(462J0JKB) Additional Information: full citation , abstract , references , citings, index 

terms , review 

The Secure Virtual Enclaves (SVE) collaboration infrastructure allows multiple 
organizations to share their distributed application objects, while respecting organizational 
autonomy over local resources. The infrastructure is transparent to applications, which 
may be accessed via a web server, or may be based on Java or Microsoft's DCOM. The 
SVE infrastructure is implemented in middleware, with no modifications to COTS operating 
systems or network protocols. The system enables dynamic updates to ... 

Keywords: Access control, coalition, collaborative system, group communication, 
middleware, security policy 



9 SASI enforcement of securit y policies: a retros pective 
Ulfar Eriingsson, Fred B. Schneider 

Septennber 1999 Proceedings of the 1999 workshop on New security paradigms NSPW 
'99 

Publisher: ACM Press 

Full text available: ^ pdf(862.14 KB) Additional Information: full citation , references , citings , index terms 



'•o Termination in language-based systems 
Algis Rudys, Dan S. Wallach 
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May 2002 ACM Transactions on Information and System Security (TISSEC), volume 5 

Issue 2 
Publisher: ACM Press 

Full text available* "B pdf(355.43 KB) A^^'*'®"^* Information: full citation , abstract , references , citings , index 

terms 

Language run-time systenris are increasingly being embedded in systems to support run- 
time extensibility via mobile code. Such systems raise a number of concerns when the 
code running in such systems is potentially buggy or untrusted. Although sophisticated 
access controls have been designed for mobile code and are shipping as part of 
commercial systems such as Java, there is no support for terminating mobile code short 
of terminating the entire language run-time. This article presents a c ... 

Keywords: Applets, Internet, Java, resource control, soft termination, termination 



11 A protection scheme for mobile agents on Java 
D. Hagimont, L. Ismail 

September 1997 Proceedings of the 3rd annual ACM/IEEE international conference on 
Mobile computing and networking MobiCom '97 

Publisher: ACM Press 

Full text available: ^pdf(1.10 MB) Additional Information: full citation , references , citinos . index terms 




12 Access ri g hts analysis for Java 

Larry Koved, Marco Pistoia, Aaron Kershenbaum 

November 2002 ACM SXGPLAN Notices , Proceedings of the 17th ACM SIGPLAN 

conference on Object-oriented programming, systems, languages, 
and applications OOPSLA '02, volume 37 issue ii 
Publisher: ACM Press 

Full text available: « pdf(360.93 KB) Additional Infomiation: full citation , abstract, references , dtiogs, index 

terms 

Java 2 has a security architecture that protects systems from unauthorized access by 
mobile or statically configured code. The problem is in manually determining the set of 
security access rights required to execute a library or application. The commonly used 
strategy is to execute the code, note authorization failures, allocate additional access 
rights, and test again. This process iterates until the code successfully runs for the test 
cases in hand. Test cases usually do not cover all paths th ... 

Keywords: Java security, access rights, call graph, data flow analysis, invocation graph, 
security 



13 Systems and prototypes: Java support for data-intensive systems: experiences 
^ building the telegraph dataflow system 

^ Mehul A. Shah, Michael J. Franklin, Samuel Madden, Joseph M. Hellerstein 
December 2001 ACM SIGMOD Record, volume 30 issue 4 
Publisher: ACM Press 

Full text available: Q pdf(1 .38 MB) Additional Infonmation: full citation, abstract, references , dtiogs 

Database system designers have traditionally had trouble with the default services and 
interfaces provided by operating systems. In recent years, developers and enthusiasts 
have Increasingly promoted Java as a serious platform for building data-Intensive servers. 
Java provides a number of very helpful language features, as well as a full run-time 
environment reminiscent of a traditional operating system. This combination of features 
and community support raises the question of whether Java Is be ... 
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14 Migration: L una: a flexible Java protection system 
Chris Hawblitzel, Thorsten von Eicken 

December 2002 ACM SIGOPS Operating Systems Review, volume 36 issue si 
Publisher: ACM Press 

Full text available- IS Ddfd 39 MB) Additional Information: full citation , abstract , references , cited by , index 

* I^SJ^^-^ terms 

Extensible Java systems face a difficult trade-off between sharing and protection. On one 
hand, Java's ability to run different protection domains in a single virtual machine enables 
domains to share data easily and communicate without address space switches. On the 
other hand, unrestricted sharing blurs the boundaries between protection domains, 
making it difficult to terminate domains and enforce restrictions on resource usage. 
Existing solutions to these problems restrict sharing in an ad-hoc ... 

Software engineering: Propa g ation of JML non-null annotations in Java programs 
Maciej Cielecki, JDdrzej Fulara, Krzysztof Jakubczyk, tukasz Jancewicz 
August 2006 Proceedings of tlie 4tli international symposium on Principles and 

practice of programming in Java PPPJ '06 
Publisher: ACM Press 

Full text available: 'g| pdf(376.78 KB) Additional Information: full citation , abstract , references , index terms 

Development of high quality code is notably difficult. Tools that help maintaining the 
proper quality of code produced by programmers can be very useful: they may increase 
the quality of produced software and help managers to ensure that the product is ready 
for the market. One of such tools is ESC/Java2, a static checker of Java Modeling 
Language annotations. These annotations can be used to ensure that a certain assertion 
is satisfied during the execution of the program, among the others - to ... 

16 Computability classes for enforcement mechanisms 
^ Kevin W. Hamlen, Greg Morrisett, Fred B. Schneider 

January 2006 ACM Transactions on Programming Languages and Systems (TOPLAS), 

Volume 28 Issue 1 
Publisher: ACM Press 

Full text available* IS Ddf(337 62 KB) Additional Information: full citation, abstract , references , citings , index 

'■ terms 

A precise characterization of those security policies enforceable by program rewriting is 
given. This also exposes and rectifies problems in prior work, yielding a better 
characterization of those security policies enforceable by execution monitors as well as a 
taxonomy of enforceable security policies. Some but not all classes can be identified with 
• known classes from computational complexity theory. 

Keywords:. Program rewriting, edit automata, execution monitoring, inlined reference 
monitoring, reference monitors, security automata 



17 Analysis against attacks: Using web application construction frameworks to protect | 
^ against code injection attacks 
^ Benjamin Livshits, Ulfar Eriingsson 

June 2007 Proceedings of the 2007 woricshop on Programming languages and 
analysis for security PLAS '07 

Publisher: ACM Press 

Full text available: Q pdf(566.79 KB) Additional Information: full citation , abstract, references , index terms 

In recent years, the security landscape has changed, with Web applications vulnerabilities 
becoming more prominent that vulnerabilities stemming from the lack of type safety, such 
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as buffer overruns. Many reports point to code injection attacks such as cross-site 
scripting and RSS injection as being ttie most common attacks against Web applications 
to date. Witfi Web 2.0 existing security problems are further exacerbated by the advent of 
Ajax technology that allows one to create and compose HTM ... 

Keywords: code Injection attacks, same-origin policy, software construction frameworks, 
software security 



18 The KaffeOS Java runtime system 
Godmar Back, Wilson C. Hsieh 

July 2005 ACM Transactions on Programming Languages and Systems (TOPLAS), 

Volume 27 Issue 4 

Publisher: ACM Press 

Full text availabie* fi^ pdf(704 30 KB) A^^'*'*^"^' information: fuli citation , abstract , references , citings, index 

terms , review 

Single-language runtime systems, in the form of Java virtual machines, are widely 
deployed platforms for executing untrusted mobile code.. These runtimes provide some of 
the features that operating systems provide: interapplication memory protection and 
basic system services. They do not, however, provide the ability to isolate applications 
from each other. Neither do they provide the ability to limit the resource consumption of 
applications. Consequently, the performance of current systems degra ... 

Keywords: Robustness, garbage collection, isolation, language runtimes, resource 
management, termination, virtual machines 



19 A practical t y pe system and language for reference imnnutability 
Adrian Birka, Michael D. Ernst 

October 2004 acm SIGPLAN Notices , Proceedings of the 19th annual ACI^ SIGPLAN 
conference on Object-oriented programming, systems, languages, and 
applications OOPSLA '04, Volume 39 Issue 10 
Publisher: ACM Press 

Full text available* IS Ddf(1 71 73 KB) Information: fuil citation , abstract , references , citing s, index 

'•^"^ '' terms 

This paper describes a type system that is capable of expressing and enforcing 
immutability constraints. The specific constraint expressed is that the abstract state of the 
object to which an immutable reference refers cannot be modified using that reference. 
The abstract state is (part of) the transitively reachable state: that is, the state of the 
object and all state reachable from it by following references. The type system permits 
explicitly excluding fields or objects from the abstract ... 

Keywords: Java, Javari, const, immutability, mutable, readonly, type system, verification 



20 MOCA: a service framework for mobile computing devices 

# James Becl<, Alain Geffiaut, Nayeem Islam 
August 1999 Proceedings of the 1st ACM international workshop on Data engineering 

for wireless and mobile access MobiDe '99 
Publisher: ACM Press 

Full text available: ^Ddfl911.37 KB) Additional Information: full citation , references , citings , index terms 
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IBM TDB 







2007/08/08 18:42 



2007/08/08 18:43 



2007/08/08 18:44 



2007/08/08 18:44 



2007/08/08 18:44 



2007/08/08 18:45 



2007/08/08 18:45 
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S15 


2 


((authorization same 
enforcement$2) same ((piuggable 
or insert or inject) nearlO code)) 
and framework$2 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBMJTDB 


OR 


ON 


2007/08/08 18:46 


S16 


5 


((autliorization same enforcement 
same ((pluggable or insert or inject) 
nearlO code))) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 18:47 


S17 


0 


(authorization$2 same enforcment 
same ((pluggable or insert or inject) 
near4 code) same runtime) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 18:47 


S18 


1 


(authorization adj enforcement and 
((pluggable or insert or inject) adj4 
code) and runtime) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 18:48 


S19 


4 


(java near4 (bytecode or scrfptcode 
or (byte adj code) or (script adj 
code)) near4 (insert$4 or inject$4)) 
same runtime 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBMJTDB 


OR 


ON 


2007/08/08 18:50 


S20 


9 


(java same (bytecode or scriptcode 
or (byte adj code) or (script adj 
code)) near4 (insert$4 or inject$4)) 
same runtime 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 18:51 


S21 


2 


(java same (bytecode or scriptcode 
or (byte adj code) or (script adj 
code)) same (insert$4 or inject$4) 
same (runtime or (class adj loader)) 
same security) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM TDB 


OR 


ON 


2007/08/08 19:03 
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S22 


4523 


(local adj variable) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB ' 


OR 


ON 


2007/08/08 19:04 


S23 


197 


(local adj variable) and (instance adj 
variable) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; jIO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 19:04 


S24 


3 


(local adj variable) and (instance adj 
variable) and (permission adj 
class$2) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 19:07 


S25 


2 


(authorization adj enforcement adj 
point) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 19:08 


S26 


72 


permission$4 adj class and (java) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 19:21 


S27 


1806 


(target adj class$3) 


US-PGgMi. 
USP/^^' 

usodq^ • 

FPRS; 
EPO; JPO; 
DERWENT; 
IBM_TDB 


T 


ON 


2007/08/08 19:21 


S28 


• 227 


(target adj class$3) and java 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM.TDB 


OR 


ON 


2007/08/08 19:22 
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S29 


6844 


application$2 with authorizat$4 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWEI^; 

IBI^_TDB 


OR 


ON 


2007/08/08 19:23 


S30 


13978 


application$2 with authoriz$8 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWEl^; 

IBI^_TDB 


OR 


ON 


2007/08/08 19:23 


S31 


3262 


application$2 with authoriz$8 and 
Java 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 19:23 


S32 


0 


application$2 with authoriz$8 and 
Java and (class44) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBI^.TDB 


OR 


ON 


2007/08/09 11:39 


S33 


1955 


application$2 with authoriz$8 and 
Java and (class$2) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 19:24 


S34 


78 


application$2 with authoriz$8 and 
Java and (class$2) and (insert$4 
inject$4) with (class$3) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/08 19:24 


S35 


452 


(bytecode (byte adj code)) same 
security 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM.TDB 


OR 


ON 


2007/08/09 11:39 
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S36 


35 


S35 same policy 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWEI^; 

IBI^JTDB 


OR 


ON 


2007/08/09 11:39 


S37 


14 


(bytecode (byte adj code)) with 
(lnsert$4 inject$4) same security 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IB|W|_TDB 


OR 


ON 


2007/08/09 11:40 


S38 


52 


Java same security same permission 
witli class 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IB|v|_TDB 


OR 


ON 


2007/08/09 14:11 


S39 


1326 


713/189.ccls. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBI^.TDB 


OR 


ON 


2007/08/09 14:33 


S40 


2 


713/189.ccls. and (authoriz$3 same 
enforc»$4 same po!nt$2) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBI^JTDB 


OR 


ON 


2007/08/09 14:33 


S41 


0 


713/189.ccls. and (authoriz$4 same 
enforce$4 same point$2) and java 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBMJTDB 


OR 


ON 


2007/08/09 14:34 


S42 


10 


713/189.ccis. and application$2 with 
authoriz$8 and java and (class$2) 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM TDB 


OR 


ON 


2007/08/09 14:57 
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S43 


2040 


713/189.cx:ls. 726/21.ccls. 719/320. 
ccls. 713/152.cds. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 14:58 


S44 


1 


S43 and (authorization adj 
enforcement adj point$2).clm. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 14:59 


S45 


5 


S43 and (permission$2 near2 
class$2).clm. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:00 


S46 


1 


S43 and (permission$2 near2 
class$2).clm. and (inseit$4 
inject$4).clm. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:01 


S47 


8 


KILROY near3 JOHN.in. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:02 


S48 


67409 


INTERNATIONAL adj BUSINESS adj 
MACHINES adj CORPORATION.as. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:03 


S49 


6 


INTERNATIONAL adj BUSINESS adj 
MACHINES adj CORPORATION.as. 
and (permission$2 near2 class$2). 
dm. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:14 
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S50 


5012 


java.clm. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:14 


S51 


1194 


java.clm. and (class).clm. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:14 


S52 


513 


java.clm. and (class).clm. and ((byte 
adj code) bytecode)"clm." 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:15 


S53 


513 


java.clm. and (class).clm. and ((byte 
adj code) bytecode)"clm." 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:15 


S54 


159 


java.clm. and (class).clm. and ((byte 
adj code) bytecode).clm. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM_TDB 


OR 


ON 


2007/08/09 15:15 


S55 


7 


java.clm. and (class).clm. and ((byte 
adj code) bytecode).clm. and 
(declaration).clm.. 


US-PGPUB; 

USPAT; 

USOCR; 

FPRS; 

EPO; JPO; 

DERWENT; 

IBM.TDB 


OR 


ON 


2007/08/09 15:15 
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